I was recently involved in a great discussion at work about browsers. It has been common in the enterprise to have a company standard browser and that’s usually Internet Explorer 11. The reason for this in the past was because many vendors made plugins specific to Internet Explorer and in some cases sites displayed best in IE. IE was also seen as the only true enterprise browser for security reasons and also manageability as settings could be managed via Group Policy.
All the while for many years the same people who have been using IE at work have been going home and browsing with Firefox, Chrome, Safari or their mobile browser of choice. Many started to prefer Chrome in particular which made them grow frustrated with Internet Explorer when they got back to the office which has lead to more and more requests from employees to get Chrome at work.
Several years ago Google stepped up their game and released an enterprise version of Google Chrome. Providing an .msi installer for Chrome which installs to the more standard Program Files install directory rather than to the user directory used for the home version. That’s not all, they also released Group Policy templates to manage Chrome in an enterprise environment much like you would IE.
Users want Chrome. Google have provided an enterprise version of Chrome and you can manage it with Group Policy. Time to give it to them! Or is it?
Why do some hold off on deploying Chrome to the masses?
The enterprise is still dominated by Windows operating systems, IE is part of that operating system. There are still many web apps which have IE specific plugins. There are still plenty of web apps which only support IE. Right now deploying two browsers to all users in your environment also means managing two browsers. What kind of management?
What happens when your org purchases a web app which requires a Chrome extension? You’ll need to white list that extension via policy. What happens when Google make a large change which changes how some sites display or even breaks functionality? Did you test all sites before deploying each version? Do you uninstall and deploy an older version?
How do you manage updates? Check out how often Google releases new versions of Chrome. When Chrome enterprise was first released the suggestion was to allow auto-updates and not to worry that not all user’s browsers will update at the same time so it shouldn’t saturate your network as the check in time was meant to be randomized. At first it didn’t quite work as expected. Now there’s a specific GPO template for controlling updates but still the question remains, how do you handle the updates?
Usually Packagers disable auto-updates.
When a new version of an application is required they will package it and schedule the deployment to provide some level of control and oversight.
Which brings me to a point I have made when speaking at Citrix User Groups: have you ever actually looked at Google’s enterprise MSI? It’s just a wrapper. They don’t use the MSI tables. You won’t find a shortcut file table, shortcut table etc. it’s mostly just the two entries in the binary table and CustomActions. Changing something which should be simple like removing shortcuts is anything but. In most places I have worked we had a standard of no desktop shortcuts and no quick launch shortcuts which by default Chrome installs. Depending on your standards, you may require to touch and test the new package every release which is time consuming and annoying.
Google only provide support for organizations with 1k+ users and requires a subscription to the G Suite. Some of the wording in their service guidelines also suggests they still only support the latest release which as we’ve already discussed means going through many, many releases.
That’s a lot of work just to deploy another browser when they already have one which works.
Image sourced from Lifehacker Australia
Chrome’s enterprise MSI isn’t a true enterprise quality MSI. The release cycle is pretty regular and as you have probably heard a common concern among techies is that it LOVES RAM! And I don’t mean the delightful Norweigan band. If you think IE is bad when you open multiple tabs, check out what Chrome can do! For desktop users, it may not be a big deal. If they want Chrome so badly and it’s a dedicated desktop for them only, they can deal with it’s resource consumption. It does become a problem when you introduce Chrome into an RDSH scenario or VDI where resources may be more limited or shared.
The group policy templates allow you to manage many of the Chrome security features, so security is not really a big issue but like stated earlier, you’ll want to manage and maintain the policy just like you do with IE so there is extra effort involved than if you just supported a single browser. There have been some really crazy exploits related to Chrome in recent times too such as the Hola Plugin being used by cryptocurrency miners the recent Spyware suggestions and more. Frankly, there seem to be a new security concern (mostly) related to Chrome extensions every week. You need to keep on top of it!
With all of this considered, should you even deploy Chrome in your environment?
Chrome isn’t going away
Whether you like it or not. Chrome is becoming more and more of a player in enterprise. Some vendors are releasing web apps which only support modern browsers like Chrome, Firefox, Safari and Opera with no support for IE and interestingly many don’t mention support for Edge. You may try to avoid deploying it today but eventually you’ll have to.
How you deploy it is a very interesting question with many possible answers! I get into that in part 2 which you can read HERE.